Archive for March, 2010

The Pwn2Own contest took place for this year at the CanSecWest security conference held on March 24th 2010. The aim of this contest is to call hackers looking for vulnerabilities in browsers and operating systems and exploit them. Τhis year is more interest due to the fact that has increased the pecuniary rewards for hacking computers and smart-phones. Last year were not given the rewards for smart-phones while no-one it could not attack them.

According to Symantec, China’s hacking scene is growing rapidly, having become second in the world, after the US. Chinese Internet users appear interested in criminal hacking and government spying. “China’s hacking scene is clearly an active one”, “These individuals and groups are known for discovering vulnerabilities, writing exploit code and developing sophisticated hacking techniques” as the report states.

Mozilla has released Firefox 3.6.2 almost a week ahead of schedule, after security issues were found in earlier versions. Firefox 3.6.2 was scheduled to launch at 30 of March, but is now available for download. The latest Firefox version fixes a vulnerability that could allow remote code execution attacks. Firefox is the second most popular browser in the web and its usage is between 20% and 32%.

Albert Gonzalez is a hacker mastermind who has committed a lot of crimes by stealing credit and debit cards by major US retailers. He has been described as a greed personality motivated by his ego and his thirst for acknowledgment by the public for his computer intrusions. Among his criminal activities he used to exploit a government agency through his cooperation with the U.S. Secret Service providing classified information to his co-conspirators in the credit-card theft cases. (more…)

One of the most prevalent piece of malware targeting consumers in the last week is an e-mail that supposed to be sent from facebook. This e-mail says that your password has been reset and you need to open the attachment in order to retrieve your password. The attachment contains a password stealer that can potentially access any username and password combination used on the computer, not just the login credentials for Facebook.

The Pwn2Own contest is back this year and is looking the new winner. The competition starts at 24th of March 2010. in Vancouver. The winner is the person that will successfully hack an application or a platform and the prize will be $100,000 USD and keep the target that exploit.

You might have been browsing on the web or doing something else while you where logged into msn and out of nowhere you received a strange message from one of your contact lists containing a strange URL, such as http://your_email.partytimez.info or some kind of zip file. Some of us being unsuspicious might have clicked on it and that’s what in the first placed begun the spreading of the malicious spam.

Last Friday, Google released a new security tool known as Skipfish, written by Michal Zalewski, a Polish security researcher and author of various tools and books, with contributions and feedback from Google’s information security engineering team. Skipfish aims to help web application developers secure and reveal various possible security flaws of their applications. Since web applications become more and more complex, developers need similar tools to check and validate the security of their code. Michal Zalewski wrote in a blog article, “The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation.”